[linux-yocto] [kernel-cache][master][yocto-6.1][PATCH] features: update ima.cfg to match current meta-integrity

Fri, 07 Jul 2023 05:57:53 -0700 

Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
 features/ima/ima.cfg | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/features/ima/ima.cfg b/features/ima/ima.cfg
index 2fc801f7..acb5fd02 100644
--- a/features/ima/ima.cfg
+++ b/features/ima/ima.cfg
@@ -1,15 +1,35 @@
 # SPDX-License-Identifier: MIT
 CONFIG_IMA=y
+CONFIG_IMA_LSM_RULES=y
 CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
+CONFIG_IMA_SIG_TEMPLATE=y
+CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig"
+CONFIG_IMA_DEFAULT_HASH_SHA256=y
+CONFIG_IMA_DEFAULT_HASH="sha256"
+CONFIG_IMA_ARCH_POLICY=y
+CONFIG_IMA_APPRAISE_BUILD_POLICY=y
+CONFIG_IMA_APPRAISE_REQUIRE_POLICY_SIGS=y
+CONFIG_IMA_APPRAISE_SIGNED_INIT=y
+CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
+CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y
+CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y
 CONFIG_IMA_TRUSTED_KEYRING=y
+CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
 CONFIG_SIGNATURE=y
 CONFIG_IMA_WRITE_POLICY=y
 CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_LOAD_X509=y
-CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
+CONFIG_INTEGRITY=y
+CONFIG_INTEGRITY_SIGNATURE=y
+CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
+CONFIG_INTEGRITY_TRUSTED_KEYRING=y
+CONFIG_EVM=y
+CONFIG_KEYS=y
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS8_PRIVATE_KEY_PARSER=y
+CONFIG_CRYPTO_ECDSA=y
+CONFIG_SECURITY=y
+CONFIG_SECURITYFS=y
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12845): 
https://lists.yoctoproject.org/g/linux-yocto/message/12845
Mute This Topic: https://lists.yoctoproject.org/mt/100005360/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to